Not all employees and third-party vendors are potential threats, but having a program in place to detect and respond to insider threats will strengthen security and protect an organization’s assets.
In reality, every organization should operate on the assumption that every employee and partner is a “potential” threat. This might sound harsh, but here is why: a company that assumes that none of the people who come into contact with its critical data, or even only some of them, could do damage is vulnerable from the start. In my professional opinion, every information security program should be built on the premise that everyone is a potential threat. Period. Then write policies and monitor with that understanding in mind.
According to IBM’s recent analysis of cyber-attack and incident data, breaches caused by insiders are both malicious and unintentional. The report notes that over 95% of insider breaches are caused by human error: employees accidentally sharing confidential information with the wrong party via email, fax, or mail, or improperly disposing of clients’ records.
In contrast to those who compromise security by accident, there are those with malicious intent who flout policies and find ways to circumvent access controls without regard for the consequences.
Designing an insider threat program with these key components in mind will help enterprises detect insider threats sooner and recover quickly from any incidents.
- Create a clear, formalized policy that is continuously updated with full and frequent participation from across the organization
- Identify the leaders responsible for oversight of the program, including its insider threat awareness training
- Include procedures for confidentially reporting suspicious behavior
- Use technical data and behavior analytics that detect anomalies
- Define clear procedures for responding to and communicating about insider threats
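The “behavior analytics that detect anomalies” item is the one technical component in that list, and the simplest workable form of it is a per-user baseline: learn how much data each person normally touches and when, then flag days that fall well outside that pattern. The following is an added example written for this page, not code from the original post or from any vendor product. The log format, the business-hours window, the thresholds, and the sample events (constructed for illustration) are all assumptions.

```python
"""Baseline-and-deviation detection over constructed access-log events.

Added example (not from the original post): per-user volume baselines
plus a business-hours check. Log format, thresholds and names are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: (timestamp, user, action, records touched). Not real data.
SAMPLE_LOG = [
    ("2024-03-04 09:12", "alice", "export", 40),
    ("2024-03-05 10:03", "alice", "export", 35),
    ("2024-03-06 11:47", "alice", "export", 45),
    ("2024-03-07 09:30", "alice", "export", 38),
    ("2024-03-08 23:55", "alice", "export", 900),   # bulk export, late at night
    ("2024-03-04 14:00", "bob", "export", 120),
    ("2024-03-05 15:20", "bob", "export", 110),
    ("2024-03-06 13:10", "bob", "export", 130),
    ("2024-03-07 16:45", "bob", "export", 125),
    ("2024-03-08 14:30", "bob", "export", 118),
]

WORK_HOURS = range(7, 20)   # assumed business hours, 07:00-19:59 local time
MIN_HISTORY = 3             # days of history required before judging a user
SIGMA = 3.0                 # band above the user's own mean, in standard deviations
MIN_RATIO = 3.0             # also require 3x the mean, so tiny baselines don't page


def parse(log):
    """Turn raw tuples into dicts with a parsed datetime."""
    return [
        {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M"), "user": u, "action": a, "records": n}
        for ts, u, a, n in log
    ]


def daily_totals(events):
    """user -> {date: total records touched that day}, dates in order."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        totals[e["user"]][e["ts"].date()] += e["records"]
    return {u: dict(sorted(d.items())) for u, d in totals.items()}


def volume_alerts(events):
    """Flag a day whose total exceeds the user's own trailing baseline.

    Only prior, unflagged days feed the baseline, so an anomalous day
    cannot widen the band that would have caught the next one.
    """
    alerts = []
    for user, days in daily_totals(events).items():
        history = []
        for day, total in days.items():
            if len(history) >= MIN_HISTORY:
                mu = mean(history)
                band = SIGMA * max(pstdev(history), 1.0)  # floor so a flat history still has a band
                if total > mu + band and total > MIN_RATIO * mu:
                    alerts.append({"user": user, "day": str(day), "reason": "volume",
                                   "records": total, "baseline": round(mu, 1)})
                    continue  # do not let the outlier poison the baseline
            history.append(total)
    return alerts


def off_hours_alerts(events):
    """Flag any access outside the assumed business-hours window."""
    return [
        {"user": e["user"], "day": str(e["ts"].date()), "reason": "off_hours",
         "records": e["records"], "hour": e["ts"].hour}
        for e in events
        if e["ts"].hour not in WORK_HOURS
    ]


def detect_anomalies(log):
    """Run both checks and return alerts ordered by day, user and reason."""
    events = parse(log)
    return sorted(volume_alerts(events) + off_hours_alerts(events),
                  key=lambda a: (a["day"], a["user"], a["reason"]))


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_LOG):
        print(alert)
```

On the sample data this raises two alerts for alice on 2024-03-08 (a 900-record export against a baseline of about 40, and an access at 23:55) and nothing for bob, whose larger but steady volume stays inside his own band. Two design points matter in practice: the baseline is per user, because what is normal for a reporting analyst is abnormal for a receptionist, and every alert carries the user's baseline so that whoever follows the confidential-reporting and response procedures can see why it fired rather than just that it fired. A real deployment would build the baseline over weeks rather than days and would expect legitimate spikes (quarter-end reporting, an announced migration) to need documented exceptions.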